Revised May 28, 2020
Web Services Users and Website Visitors
Like most Web services operators, Kenna collects non-personal information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Kenna’s purpose in collecting such information is to better understand how Kenna’s users and visitors use its Website and services. From time to time, Kenna may release such information in the aggregate, e.g., by publishing a report on trends in the usage of its Website and services.
Kenna also collects Internet Protocol (IP) addresses. Kenna does not use such information to identify its visitors and does not disclose such information other than under the circumstances described below.
Collection and Use of Personal Information
Certain visitors to the Website and users of Kenna’s services choose to interact with Kenna in ways that require or allow Kenna to gather personal information. The amount and type of personal information that Kenna gathers depends on the nature of the interaction. For example, we ask users of Kenna applications to provide a username and email address. In each case, Kenna collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with Kenna. Kenna does not disclose personal information other than as described below. Visitors and users can always decline to provide their personal information, with the caveat that it may prevent them from engaging in certain activities.
If you are a registered user of a Kenna service and have supplied your email address, Kenna may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Kenna and our products. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users.
Kenna may collect statistics about the behavior of visitors to its Website and users of its services. For instance, Kenna may collect and disclose aggregate data on how much vulnerability data an average customer collects, or what the most common vulnerability scores are across all customers. However, Kenna does not disclose personal information other than as described below.
Kenna collects, aggregates, and stores vulnerability and audit data for its customers. Kenna will not disclose individual records other than in an aggregated and anonymized format as described above or for the purposes described below.
Disclosure of Personal Information
Kenna will disclose the personal information that we collect or you provide to Kenna only in the following circumstances:
- To service providers that Kenna uses to support its business and that are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which Kenna discloses it to them. Further information regarding such third parties is provided below.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Kenna’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Kenna is among the assets transferred.
To comply with any valid court order, law, or legal process, including to respond to any government or regulatory request.
- If Kenna believes disclosure is necessary or appropriate to protect the rights, property, or safety of Kenna, Kenna’s customers, or others.
As noted above, Kenna may share personal information with certain service providers. Kenna is currently using the following service providers that have agreed to use personal information (to the extent disclosed) only for the purpose of providing services to Kenna:
- Pardot (www.pardot.com), for marketing automation services.
- Salesforce (www.salesforce.com), for account and lead management services.
- On24 (www.on24.com)for webinars and video solutions.
- Engagio (www.engagio.com), for data consolidation services.
- LeanData (www.leandatainc.com), for lead management services.
- Influitive (www.influitive.com) for community management.
- Webinfinity (www.webinfinity.com) for partner relationship management
Kenna will not rent or sell your personal information to anyone.
Security of Personal Information
Kenna has implemented technical and organizational measures, appropriate to the risk, to protect your personal information against accidental or unlawful destruction, loss or alteration and unauthorized disclosure or access. However, due to the inherent open nature of the Internet, we cannot ensure or warrant the security of any information provided online.
Retention of Personal Information
Do Not Track
Kenna does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you.
Links to Other Web Websites
If, at any time after providing your personal information to us, you change your mind about receiving information from us or about the use of information volunteered by you, you may opt out by sending us a request specifying your new choice. Please contact us at firstname.lastname@example.org.
California law grants additional privacy rights to California residents. In particular, the California Consumer Privacy Act (CCPA) requires businesses to disclose, for the past 12 months, (i) the categories of personal information collected, (ii) the sources of the collected personal information, (iii) the purposes for which the collected personal information is used, (iv) the categories of personal information disclosed for a business purpose, and (v) the categories of any personal information sold. Kenna provides these disclosures in the following table. Kenna has not sold personal information in the past 12 months.
|Category||Sources of Collection||Purposes of Collection||Disclosures for a Business Purpose|
|Identifiers||Website visits and registration for a Kenna service||To allow use of Kenna’s services and to enable Kenna to communicate with you||To Kenna service providers for the purpose of providing Kenna’s services to you|
|Personal information categories listed in the California Customer Records statute||Registration for a Kenna service||To allow use of and payment for Kenna’s services||To Kenna service providers to facilitate payment transactions|
|Internet or other similar network activity||Your browsing and search history on the Kenna Website||To improve the visitor experience on the Kenna Website, diagnose server problems and administer the Kenna Website||To marketing specialist companies for the purpose of enhancing the Kenna Website and improving the effectiveness of our advertising|
California residents also have the rights described below. We will not discriminate against any California resident who exercises these rights.
Right to access/know. You may request from us a list of (i) the personal information that we have collected about you, and (ii) the categories of third parties to whom we have disclosed your personal information. You have the right to up to two (2) access requests each twelve (12) months.
Right to delete your personal information. You may request, at any time, that we delete your personal information.
Residents of the State of California may exercise their data protection rights under the California Consumer Privacy Act (CCPA) by contacting us at:
or by phone at +1-855-474-7546
or by email at email@example.com
To ensure the privacy and protection of individuals, we are required to verify your identity or otherwise authenticate your request(s). Please note that, under the CCPA, we are not required to grant a request to access/know or a request to delete with respect to personal information obtained from you in your role as an employee, owner, director, officer or contractor of a company and within the context of Kenna providing its services to such company.
EU and Swiss Privacy Shield
Purposes of EU and Swiss Personal Data Collection and Use. We will only process EU and Swiss Personal Data in ways that are compatible with the purpose for which we collected the EU and Swiss Personal Data, or for purposes that the individual or entity providing the EU and Swiss Personal Data later authorizes. Before we use your EU and Swiss Personal Data for a purpose that is materially different than the purpose for which it was collected or that you later authorized, we will provide you with the opportunity to opt out. We maintain reasonable procedures to help ensure that EU and Swiss Personal Data is reliable for its intended use, accurate, complete, and current.
Disclosures for National Security or Law Enforcement. Under certain circumstances, we may be required to disclose your EU and Swiss Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
Access Rights. You may have the right to access the EU and Swiss Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EU and Swiss Personal Data, you can submit a written request to us at firstname.lastname@example.org. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information. We will provide an individual with an opt-out choice before we sharing an individual’s personal data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, you may submit a written request to email@example.com.
Data Transfers to Third Parties. Our accountability for EU and Swiss Personal Data that we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process EU and Swiss Personal Data on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
Kenna has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism administered by the Council of Better Business Bureaus (“BBB”). If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, you may visit the BBB’s EU Privacy Shield website at https://www.bbb.org/EU-privacy-shield for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Kenna is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Additional European Union Privacy Rights
If you are located in the European Union, you have certain additional rights with respect to your personal information under the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), including the following:
- The right of access to your personal information.
- The right to rectify your personal information if it is incorrect or incomplete.
- The right to have your personal information erased (“right to be forgotten”) if certain grounds are met.
- The right to withdraw your consent to our processing of your personal information at any time (if our processing is based on consent).
- The right to object to our processing of your personal information (if processing is based on legitimate interests).
- The right to object to our processing of your personal information for direct marketing purposes.
- The right to receive your personal information from us in a structured, commonly used and machine-readable format, and the right to transmit your personal information to another controller without hindrance from us (data portability).
You may contact us at firstname.lastname@example.org to exercise any of the above rights. We may request specific information from you to confirm your identity, and in some circumstances, we may charge a reasonable fee for access to your personal information. Furthermore, if you believe that our processing of your personal information is inconsistent with your data protection rights under the GDPR and we have not adequately addressed your concerns, you have the right to lodge a complaint with the data protection supervisory authority of your country.